/* The spec allows for a longer length than this, but we limit it */
#define HELLO_VERIFY_REQUEST_MAX_LENGTH 258
#define SERVER_HELLO_MAX_LENGTH 20000
+#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
#define SERVER_KEY_EXCH_MAX_LENGTH 102400
#define SERVER_HELLO_DONE_MAX_LENGTH 0
#define CCS_MAX_LENGTH 1
/* Max should actually be 36 but we are generous */
#define FINISHED_MAX_LENGTH 64
+/* Extension context codes */
+#define EXT_DTLS_ONLY 0x01
+#define EXT_CLIENT_HELLO 0x02
+/* Really means TLS1.2 or below */
+#define EXT_TLS1_2_SERVER_HELLO 0x04
+#define EXT_TLS1_3_SERVER_HELLO 0x08
+#define EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x10
+#define EXT_TLS1_3_HELLO_RETRY_REQUEST 0x20
+#define EXT_TLS1_3_CERTIFICATE 0x40
+#define EXT_TLS1_3_NEW_SESSION_TICKET 0x80
+
/* Message processing return codes */
typedef enum {
/* Something bad happened */
__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst);
__owur WORK_STATE dtls_wait_for_dry(SSL *s);
-int tls_collect_extensions(PACKET *packet, RAW_EXTENSION **res,
- size_t *numfound, int *ad);
+int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
+ RAW_EXTENSION **res, size_t *numfound, int *ad);
/* some client-only functions */
__owur int tls_construct_client_hello(SSL *s, WPACKET *pkt);
projects / openssl.git / blobdiff